Adding a new External Service Integration
Perform the following steps in order to fully add in a new external service integration:
Establish connectivity
Forward Proxy
SSL Keys (roles and meta additions)
Security Group / ELB config
Rails config
Establish connectivity
From a fwdproxy instance in a given environment, use curl to try to reach the new service at whatever endpoint you have. Anything over port 443 should work, but alternate ports need an ESECC request.
Forward Proxy
Once you have verified connectivity, add entries to the forward proxy deployments: ansible/deployment/config/fwdproxy/<env>
SSL Keys
Many backend VA services require the use of a client SSL certificate and key for authentication. Securely generate a private key and certificate using the instructions at: Venafi: Create and download TLS certificates. (Note: Those instructions are for Platform engineers, specifically.) Add the cert as a Jinja2 template to ansible/deployment/config/fwdproxy/, and add the private key to AWS Parameter Store with a name like /devops/certificates/<service>.key.
NOTE: Currently, we don't impose CN restrictions on the SSL certs for new External Service Integrations.
Security Group / ELB config
Validate that the ports assigned for the forward proxy are listed in the listener_ports variable in terraform/environments/<env>/main.tf. The port should match what is in the Forward Proxy config above.
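The port checks from the connectivity and Security Group / ELB steps can be scripted before a change is deployed. The following is an added example, not code from the Platform repositories: it assumes listener_ports is a plain HCL list of port numbers, and the sample main.tf content, endpoint URL and port numbers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for terraform/environments/<env>/main.tf. The block
# layout and port numbers are assumptions, not the project's real file.
SAMPLE_MAIN_TF = '''
module "example" {
  # ports exposed for the forward proxy
  listener_ports = [
    4431, 4432,   # existing integrations
    "4447",
    # 4450 retired
  ]
}
'''

def parse_listener_ports(tf_text):
    """Collect the ports from every `listener_ports = [...]` assignment."""
    ports = set()
    pattern = r'^\s*listener_ports\s*=\s*\[(.*?)\]'
    for body in re.findall(pattern, tf_text, re.S | re.M):
        body = re.sub(r'(?:#|//).*', '', body)  # drop commented-out entries
        ports.update(int(p) for p in re.findall(r'\d+', body))
    return ports

def upstream_port(endpoint):
    """Port that curl would connect to for the service endpoint URL."""
    parts = urlsplit(endpoint)
    return parts.port or {"https": 443, "http": 80}.get(parts.scheme, 0)

def preflight(endpoint, proxy_port, tf_text):
    """Return a list of problems to resolve before deploying the integration."""
    findings = []
    port = upstream_port(endpoint)
    if port != 443:
        findings.append(f"upstream port {port} is not 443: ESECC request needed")
    if proxy_port not in parse_listener_ports(tf_text):
        findings.append(f"proxy port {proxy_port} missing from listener_ports")
    return findings

if __name__ == "__main__":
    # Constructed endpoint and proxy port for illustration.
    for line in preflight("https://partner.example.com:8443/status", 4450, SAMPLE_MAIN_TF):
        print(line)
```

An empty result means the upstream endpoint is on 443 and the forward proxy port is already present in listener_ports.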
Rails Config
Add the required host redirects in ansible/deployment/config/vets-api/<env>-settings.local.yml.j2.
Prometheus has been replaced by Datadog.
Here is some information about getting started with Datadog:
If you have any issues or questions after checking the above documents, contact #dots-dsva